* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
-split_send_frag flags are supported.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Namespace BEFORE_COLON and BC defines by prepending MBEDTLS_
and expanding BC to BEFORE_COLON_STR. This is to avoid naming
conflicts with third-party code. No functional change.
Signed-off-by: Stefan Gloor <stefan.gloor@siemens.com>
BEFORE_COLON and BC defines with the accompanying comment are only
required in x509_crt and x509_csr, but not used in x509_crl.c.
Signed-off-by: Stefan Gloor <stefan.gloor@siemens.com>
This commit updates the paths in the documentation for metatest.c as it
has been moved to MbedTLS Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the paths in documentation for test_zeroize since
it has been moved to MbedTLS Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the path for the moved test_zeroize.gdb script which
has been moved to MbedTLS-Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the paths for dlopen_demo.sh in
components-build-system.sh as the file has been moved to the framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the file paths necessary for dlopen_demo.sh,
metatest.c query_compile_time_config.c, query_config.h,
query_included_headers.c and zeroize.c.
This commit also adds a CFLAG to find header files now contained in the
framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves user-config-zeroize-memset.h to TF-PSA-Crypto where it
more appropriately belongs.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
Hanshake serialization requires that the selected ciphersuite uses
an AEAD algorithm. However, following the DHE-RSA removal, trying to
still use RSA signature might select a ciphersuite which is not using
AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c").
This is especially problematic in tests scenarios where both GCM and
ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm.
Ciphersuites using RSA signature and CCM are very low on the preference
list, so very unlikely to be picked in tests. This cause a CBC one to
be selected in this case and the handshake_serialization() function
to fail.
In order to prevent failures from happening, in this commit we require
that either GCM or ChaChaPoly are enabled, so that ciphersuites using one
of these are likely to be picked.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
